
OSI LAYERS

The Open Systems Interconnection (OSI) model has seven layers, stacked from top to bottom as follows:

7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data Link
1. Physical

PHYSICAL LAYER
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:

Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
o What signal state represents a binary 1
o How the receiving station knows when a "bit-time" starts
o How the receiving station delimits a frame

Physical medium attachment, accommodating various possibilities in the medium:
o Will an external transceiver (MAU) be used to connect to the medium?
o How many pins do the connectors have and what is each pin used for?

Transmission technique: determines whether the encoded bits will be transmitted by baseband (digital) or broadband (analog) signaling.

Physical medium transmission: transmits bits as electrical or optical signals appropriate for the physical medium, and determines:
o What physical medium options can be used
o How many volts/dB should be used to represent a given signal state, using a given physical medium

DATA LINK LAYER


The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:

Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity (for example the Ethernet frame check sequence).
Media access management: determines when the node "has the right" to use the physical medium.

Not every link layer implements all of these. Ethernet, for instance, detects corrupted frames with the FCS and silently discards them; retransmission is left to the transport layer.

NETWORK LAYER
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. The unit of data at this layer is the packet (IP datagram), not the frame. It provides:

Routing: routes packets among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its transmission when the router's buffer fills up.
Packet fragmentation: if it determines that a downstream link's maximum transmission unit (MTU) is smaller than the packet, a router can fragment the packet for transmission and re-assembly at the destination station.
Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of packets forwarded by subnet intermediate systems, to produce billing information.

Communications subnet

The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address. This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet). In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.

TRANSPORT LAYER
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers. The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol must include extensive error detection and recovery (this is the situation of TCP over IP). The transport layer provides:

Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Session multiplexing: multiplexes several message streams, or sessions, onto one logical link and keeps track of which messages belong to which sessions (see session layer).

Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or segments, prepending a header to each segment. The transport layer header must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.

End-to-end layers: unlike the lower "subnet" layers, whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.

SESSION LAYER
The session layer allows session establishment between processes running on different stations. It provides:

Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.

PRESENTATION LAYER
The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, and then translate the common format to a format known to the application layer at the receiving station.

The presentation layer provides:
1. Character code translation: for example, ASCII to EBCDIC.
2. Data conversion: bit order, CR to CR/LF, integer to floating point, and so on.
3. Data compression: reduces the number of bits that need to be transmitted on the network.
4. Data encryption: encrypts data for security purposes, for example password encryption.

APPLICATION LAYER
The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:

Resource sharing and device redirection
Remote file access
Remote printer access
Inter-process communication
Network management
Directory services
Electronic messaging (such as mail)
Network virtual terminals

IPV4 ADDRESSING
An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.[1] An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."

The designers of the Internet Protocol defined an IP address as a 32-bit number, and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new version of IP (IPv6), using 128 bits for the address, was developed in 1995.[3] IPv6 was standardized as RFC 2460 in 1998[4] (since superseded by RFC 8200 in 2017), and its deployment has been ongoing since the mid-2000s. IP addresses are binary numbers, but they are usually stored in text files and displayed in human-readable notations, such as 172.16.254.1 (for IPv4) and 2001:db8:0:1234:0:567:8:1 (for IPv6).

The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations globally and delegates five regional Internet registries (RIRs) to allocate IP address blocks to local Internet registries (Internet service providers) and other entities.

IP versions
Two versions of the Internet Protocol (IP) are in use: IP Version 4 and IP Version 6. Each version defines an IP address differently. Because of its prevalence, the generic term IP address typically still refers to the addresses defined by IPv4. The gap in version sequence between IPv4 and IPv6 resulted from the assignment of number 5 to the experimental Internet Stream Protocol in 1979, which however was never referred to as IPv5.

IPv4 addresses

[Figure: decomposition of an IPv4 address from dot-decimal notation to its binary value.]

In IPv4 an address consists of 32 bits, which limits the address space to 4,294,967,296 (2^32) possible unique addresses. IPv4 reserves some addresses for special purposes such as private networks (about 18 million addresses) or multicast addresses (about 270 million addresses). IPv4 addresses are canonically represented in dot-decimal notation, which consists of four decimal numbers, each ranging from 0 to 255, separated by dots, e.g., 172.16.254.1. Each part represents a group of 8 bits (an octet) of the address. In some cases of technical writing, IPv4 addresses may be presented in various hexadecimal, octal, or binary representations.

IPv4 subnetting

In the early stages of development of the Internet Protocol,[1] network administrators interpreted an IP address in two parts: the network number portion and the host number portion. The highest-order octet (most significant eight bits) in an address was designated as the network number and the remaining bits were called the rest field or host identifier and were used for host numbering within a network.

This early method soon proved inadequate as additional networks developed that were independent of the existing networks already designated by a network number. In 1981, the Internet addressing specification was revised with the introduction of classful network architecture. Classful network design allowed for a larger number of individual network assignments and fine-grained subnetwork design. The first three bits of the most significant octet of an IP address were defined as the class of the address. Three classes (A, B, and C) were defined for universal unicast addressing. Depending on the class derived, the network identification was based on octet boundary segments of the entire address. Each class used successively additional octets in the network identifier, thus reducing the possible number of hosts in the higher order classes (B and C). The following table gives an overview of this now obsolete system.

Classful network architecture

Class  Leading bits  Network number bits  Rest (host) bits  Number of networks  Addresses per network  Start address  End address
A      0             8                    24                128 (2^7)           16,777,216 (2^24)      0.0.0.0        127.255.255.255
B      10            16                   16                16,384 (2^14)       65,536 (2^16)          128.0.0.0      191.255.255.255
C      110           24                   8                 2,097,152 (2^21)    256 (2^8)              192.0.0.0      223.255.255.255

Classful network design served its purpose in the startup stage of the Internet, but it lacked scalability in the face of the rapid expansion of the network in the 1990s. The class system of the address space was replaced with Classless Inter-Domain Routing (CIDR) in 1993. CIDR is based on variable-length subnet masking (VLSM) to allow allocation and routing based on arbitrary-length prefixes. Today, remnants of classful network concepts function only in a limited scope as the default configuration parameters of some network software and hardware components (e.g. the default netmask assumed for a classful network statement), and in the technical jargon used in network administrators' discussions.

IPv4 private addresses

Early network design, when global end-to-end connectivity was envisioned for communications with all Internet hosts, intended that IP addresses be uniquely assigned to a particular computer or device. However, it was found that this was not always necessary as private networks developed and public address space needed to be conserved.

Computers not connected to the Internet, such as factory machines that communicate only with each other via TCP/IP, need not have globally unique IP addresses. Three ranges of IPv4 addresses for private networks were reserved in RFC 1918. These addresses are not routed on the Internet and thus their use need not be coordinated with an IP address registry. Today, when needed, such private networks typically connect to the Internet through network address translation (NAT).

IANA-reserved private IPv4 network ranges

Block                                    Start         End              No. of addresses
24-bit block (/8 prefix, 1 class A)      10.0.0.0      10.255.255.255   16,777,216
20-bit block (/12 prefix, 16 class B)    172.16.0.0    172.31.255.255   1,048,576
16-bit block (/16 prefix, 256 class C)   192.168.0.0   192.168.255.255  65,536

Any user may use any of the reserved blocks. Typically, a network administrator will divide a block into subnets; for example, many home routers automatically use a default address range of 192.168.0.0 through 192.168.0.255 (192.168.0.0/24). "Not routed on the Internet" is a convention, not a guarantee: nothing stops a host from emitting packets with RFC 1918 source or destination addresses, so border routers should filter them explicitly.
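The address arithmetic behind the preceding sections, as an added example that is not part of the original notes: dot-decimal decomposition into octets, the obsolete classful lookup from the leading bits, CIDR prefix masks, the RFC 1918 membership test and carving a block into equal subnets. The bit operations are written out by hand so the structure is visible; the standard library's ipaddress module is used only to cross-check. The addresses in main() are taken from or consistent with the text above.

```python
"""
Added example (not from the original notes): IPv4 address arithmetic.
"""
import ipaddress


def to_int(dotted: str) -> int:
    """'172.16.254.1' -> 32-bit integer. Malformed input (wrong octet count,
    non-numeric or out-of-range octets) is rejected rather than guessed at."""
    parts = dotted.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {dotted!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value: int) -> str:
    """32-bit integer -> dot-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Octet-by-octet binary form, as in the decomposition figure."""
    value = to_int(dotted)
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def classful_class(dotted: str) -> str:
    """Obsolete classful lookup from the leading bits of the first octet."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:        # 0xxxxxxx  0.0.0.0   - 127.255.255.255
        return "A"
    if first >> 6 == 0b10:       # 10xxxxxx  128.0.0.0 - 191.255.255.255
        return "B"
    if first >> 5 == 0b110:      # 110xxxxx  192.0.0.0 - 223.255.255.255
        return "C"
    if first >> 4 == 0b1110:     # 1110xxxx  multicast
        return "D"
    return "E"                   # 1111xxxx  reserved


def prefix_to_mask(prefix_len: int) -> int:
    """CIDR prefix length -> 32-bit netmask, e.g. 20 -> 0xFFFFF000."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def network_of(cidr: str) -> tuple:
    """'172.16.254.1/20' -> (network, broadcast, mask), all dot-decimal."""
    addr, plen = cidr.split("/")
    mask = prefix_to_mask(int(plen))
    net = to_int(addr) & mask
    bcast = net | (~mask & 0xFFFFFFFF)
    return to_dotted(net), to_dotted(bcast), to_dotted(mask)


# The three RFC 1918 blocks from the table above.
RFC1918 = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def is_private(dotted: str) -> bool:
    """True if the address lies in one of the RFC 1918 blocks."""
    value = to_int(dotted)
    return any((value & prefix_to_mask(plen)) == to_int(net) for net, plen in RFC1918)


def subnets(cidr: str, new_prefix: int) -> list:
    """Split a block into equal subnets of length new_prefix: the manual
    equivalent of ipaddress.ip_network(cidr).subnets(new_prefix=...)."""
    net, _, _ = network_of(cidr)
    old_prefix = int(cidr.split("/")[1])
    if not old_prefix <= new_prefix <= 32:
        raise ValueError("new prefix must lie between the block's prefix and 32")
    base = to_int(net)
    step = 1 << (32 - new_prefix)
    return [f"{to_dotted(base + i * step)}/{new_prefix}"
            for i in range(1 << (new_prefix - old_prefix))]


if __name__ == "__main__":
    print(to_binary("172.16.254.1"))
    print(classful_class("172.16.254.1"), network_of("172.16.254.1/20"))
    print(is_private("172.16.254.1"), is_private("172.32.0.1"))
    print(subnets("192.168.0.0/24", 26))
    # Cross-check the hand-rolled arithmetic against the standard library.
    assert str(ipaddress.ip_network("172.16.254.1/20", strict=False)) == "172.16.240.0/20"
```

Two details worth noticing when running it: 172.32.0.1 is not private even though it "looks like" 172.16.x.x, because the /12 block ends at 172.31.255.255; and classful_class() tells you nothing about the real mask of 172.16.254.1, which only the CIDR prefix carries.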

IPv4 address exhaustion


IPv4 address exhaustion is the decreasing supply of unallocated Internet Protocol Version 4 (IPv4) addresses available at the Internet Assigned Numbers Authority (IANA) and the regional Internet registries (RIRs) for assignment to end users and local Internet registries, such as Internet service providers. IANA's primary address pool was exhausted on 3 February 2011, when the last 5 blocks were allocated to the 5 RIRs. APNIC was the first RIR to exhaust its regional pool, on 15 April 2011, except for a small amount of address space reserved for the transition to IPv6, intended to be allocated in a restricted process.

Introduction to Routers

A router is an internetworking device used to connect two or more different networks. It works at layer 3, the network layer.

It does two basic things:
1. Select the best path from the routing table.
2. Forward the packet on that path.

Many companies manufacture routers: Cisco, Nortel, Multicom, Cyclades, Juniper, D-Link, Linksys, 3Com. Cisco, however, dominates the router market.

Cisco divides its routers into three layers:

Access Layer Routers: used by small organizations; also known as Desktop or Company Layer Routers.
Router series: 800, 1000, 1600, 1700, 2500

Distribution Layer Routers: used by ISPs; also known as ISP Layer Routers.
Router series: 2600, 3200, 3600, 3700

Core Layer Routers: used by global ISPs; also known as Backbone Routers.
Router series: 6400, 7200, 7300, 7400, 7500, 7600, 10000, 12000

Router ports

AUI port: 15-pin female connector (Attachment Unit Interface). It is known as the Ethernet port or LAN port; its address is what the LAN hosts use as their default gateway. It is used for connecting the LAN to the router. A transceiver converts the 8-wire RJ-45 connection to the 15-pin AUI connection.

Serial port: 60-pin female connector (15 pins in 4 rows); the Smart Serial port is a 26-pin female connector. It is known as the WAN port and is used for connecting to remote locations. A V.35 cable has a 60-pin male connector at the router end and a 34-pin male V.35 connector at the other end.

Console port: RJ-45 port, known as the Local Administrative Port. It is generally used for initial configuration, password recovery and local administration of the router. IMP: it is the most delicate port on the router, so use the console port sparingly. Because password recovery is performed from the console, anyone with physical access to this port can take control of the router regardless of configured passwords; physical access to the console must be controlled. To connect:
1. Connect a rollover cable to the router console port (RJ-45 connector).
2. Connect the other end of the rollover cable to the RJ-45 to DB-9 converter.
3. Attach the female DB-9 converter to a PC serial port.
4. Open terminal emulation software.

Auxiliary (AUX) port: RJ-45 port, known as the Remote Administrative Port. It is used for remote administration (typically through a modem). A console or rollover cable is used.

BRI port: Basic Rate Interface, used to connect ISDN to the router. It is an RJ-45 port, available on the 2503 and 2520 model routers.

10BaseT port: RJ-45 port used for connecting the LAN to the router. Its function is the same as the AUI port, but no transceiver is needed. It is available on the 2520 model router.

WAN interfaces
- Serial interface (S0, S1, etc.): 60-pin / 26-pin (Smart Serial)
- ISDN interface (BRI0, etc.): RJ-45

LAN interfaces (Ethernet)
- AUI (Attachment Unit Interface) (E0): 15-pin
- 10BaseT: RJ-45

Administration interfaces
- Console: RJ-45, local
- Auxiliary: RJ-45, remote

Router memory

ROM: the bootstrap program is located here. It is the equivalent of the BIOS of a PC. Bootstrap program current version is 11.0.
Flash: the Internetwork Operating System (IOS) developed by Cisco is stored here. IOS is a command-line interface.
NVRAM: non-volatile RAM, similar to a hard disk. It is also known as permanent storage or the startup configuration. The size of NVRAM is generally 32 KB.
RAM: also known as temporary storage or the running configuration. The minimum size of RAM is 2 MB; RAM is larger than NVRAM in a router.

Processor: Motorola 70 MHz RISC-based processor (Reduced Instruction Set Computer).

Router Start-up Sequence

1. Bootstrap program is loaded from ROM.
2. Bootstrap runs the POST.
3. Bootstrap locates IOS in Flash.
4. IOS is expanded and then loaded into RAM.
5. Once IOS is loaded into RAM, it looks for startup-config in NVRAM.
6. If found, the configuration is loaded into RAM.

ADMINISTRATIVE DISTANCE

A rating of the trustworthiness of a routing information source. The number is between 0 and 255; the higher the value, the lower the trust. A route with an administrative distance of 255 is never installed in the routing table. Default administrative distances are as follows:

Directly connected = 0
Static route = 1
EIGRP = 90 (internal) / 170 (external)
IGRP = 100
OSPF = 110
RIP = 120
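The two decisions described above ("select the best path from the routing table, forward the packet on that path") as an added example in Python, not code from the original notes. It separates route installation, where the lowest administrative distance wins and metrics only break ties within one protocol, from forwarding, which is a longest-prefix match over whatever got installed. The candidate routes, neighbors and metrics are constructed for illustration and chosen to show one consequence practitioners get bitten by: a more specific prefix from a less trusted source (RIP, AD 120) still takes the traffic away from a less specific OSPF route.

```python
"""
Added example (not from the original notes): administrative distance
selection followed by longest-prefix-match forwarding.
"""
import ipaddress
from dataclasses import dataclass

# Default administrative distances from the list above.
AD = {"connected": 0, "static": 1, "eigrp": 90, "igrp": 100,
      "ospf": 110, "rip": 120, "eigrp-external": 170}
UNUSABLE = 255  # a route with AD 255 is never installed


@dataclass(frozen=True)
class Candidate:
    prefix: str      # e.g. "10.1.0.0/16"
    source: str      # key into AD
    metric: int      # protocol-specific; only comparable within one source
    next_hop: str


def install(candidates):
    """Return {prefix: Candidate}: the routing table after AD/metric selection."""
    rib = {}
    for cand in candidates:
        if AD[cand.source] >= UNUSABLE:
            continue
        current = rib.get(cand.prefix)
        if current is None or (AD[cand.source], cand.metric) < (AD[current.source], current.metric):
            rib[cand.prefix] = cand
    return rib


def lookup(rib, destination):
    """Longest prefix match over the installed routes. Returns None when no
    route matches (the packet is dropped unless a 0.0.0.0/0 default exists)."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, route in rib.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, route)
    return None if best is None else best[1]


# Constructed routing information: the same /16 from RIP and two OSPF
# neighbors, a more specific /24 from RIP only, and a static default.
CANDIDATES = [
    Candidate("10.1.0.0/16", "rip", 2, "192.0.2.1"),
    Candidate("10.1.0.0/16", "ospf", 20, "192.0.2.2"),   # installed: AD 110 < 120
    Candidate("10.1.0.0/16", "ospf", 30, "192.0.2.3"),   # same AD, worse metric
    Candidate("10.1.5.0/24", "rip", 4, "192.0.2.1"),     # installed: nothing else covers it
    Candidate("0.0.0.0/0", "static", 0, "192.0.2.254"),
]


def next_hops(candidates=CANDIDATES, destinations=("10.1.5.7", "10.1.9.9", "203.0.113.4")):
    """Map each destination to the next hop the router would actually use."""
    rib = install(candidates)
    result = {}
    for dst in destinations:
        route = lookup(rib, dst)
        result[dst] = route.next_hop if route else None
    return result


if __name__ == "__main__":
    for dst, hop in next_hops().items():
        print(f"{dst:>14} -> {hop}")
```

Traffic to 10.1.5.7 leaves via 192.0.2.1 (the RIP /24) even though OSPF's /16 is more trusted, because forwarding is decided by prefix length, not by administrative distance. This is exactly the lever a rogue or spoofed routing neighbor pulls when it advertises a more specific prefix, and it is why the authentication options of the routing protocols discussed later matter.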

RIP VERSION 2

- Classless routing protocol
- Supports VLSM
- Auto-summary can be done on every router (it is on by default at classful boundaries; disable it with no auto-summary when subnets of one classful network are discontiguous)
- Supports authentication (plaintext or MD5)
- Triggered updates
- Uses multicast address 224.0.0.9

Advantages of RIP

- Easy to configure
- No design constraints
- No complexity
- Less overhead

Disadvantages of RIP

- Bandwidth utilization is very high, as the full routing table is broadcast (RIPv1) or multicast (RIPv2) every 30 seconds
- Works only on hop count
- Not scalable, as the maximum hop count is 15 (a metric of 16 means unreachable)
- Slow convergence

Configuring RIP version 1

Router(config)# router rip
Router(config-router)# network <Network ID>

Configuring RIP version 2

Router(config)# router rip
Router(config-router)# network <Network ID>
Router(config-router)# version 2

Configuration of RIP v1

On the Hyderabad router:
HYDERABAD# config t
HYDERABAD(config)# router rip
HYDERABAD(config-router)# network 10.0.0.0
HYDERABAD(config-router)# network 1.0.0.0
HYDERABAD(config-router)# exit
HYDERABAD(config)# exit

On the KSA router:
KSA# config t
KSA(config)# router rip
KSA(config-router)# network 20.0.0.0
KSA(config-router)# network 1.0.0.0
KSA(config-router)# exit
KSA(config)# exit

Configuration of RIP v2

On the Hyderabad router:
HYDERABAD# config t
HYDERABAD(config)# router rip
HYDERABAD(config-router)# network 10.0.0.0
HYDERABAD(config-router)# network 1.0.0.0
HYDERABAD(config-router)# version 2
HYDERABAD(config-router)# exit
HYDERABAD(config)# exit

On the KSA router:
KSA# config t
KSA(config)# router rip
KSA(config-router)# network 20.0.0.0
KSA(config-router)# network 1.0.0.0
KSA(config-router)# version 2
KSA(config-router)# exit
KSA(config)# exit

AUTONOMOUS SYSTEM NUMBER

A unique number identifying the routing domain of the routers. 16-bit AS numbers range from 1 to 65535: 1-64511 are public, 64512-65534 are reserved for private use (RFC 6996), and 65535 is reserved. 32-bit AS numbers (RFC 6793) extend the range beyond this. An autonomous system is a collection of networks under a common administrative domain.

IGP & EGP

- IGP operates within an autonomous system
- EGP connects different autonomous systems

ENHANCED INTERIOR GATEWAY PROTOCOL

- Cisco proprietary protocol
- Classless routing protocol
- Includes all features of IGRP
- Metric (32-bit): composite metric built from bandwidth, delay, load, reliability and MTU; with the default K values only the minimum bandwidth and the cumulative delay actually contribute, and MTU, although carried in updates, never enters the calculation
- Administrative distance is 90

- Updates are sent through multicast (224.0.0.10)
- Max hop count is 255 (100 by default)
- Supports IP, IPX and AppleTalk protocols
- Hello packets are sent every 5 seconds
- Convergence rate is very fast
- First released in 1994 with IOS version 9.21
- Supports VLSM and CIDR
- Uses DUAL (Diffusing Update Algorithm)
- Summarization can be done on every router
- Supports equal-cost and unequal-cost load balancing (the latter through the variance command)
- Maintains three tables:
  Neighbor table
  Topology table
  Routing table

Disadvantages of EIGRP

- Works only on Cisco routers (the protocol was later published as RFC 7868, but interoperability with other vendors remains limited)

OPEN SHORTEST PATH FIRST

OSPF stands for Open Shortest Path First.
- Standard (open) protocol
- It is a link-state protocol
- It uses the SPF (shortest path first) or Dijkstra algorithm
- Unlimited hop count
- Metric is cost (cost = 10^8 / bandwidth in bps, i.e. a 100 Mbps reference bandwidth; links of 100 Mbps and faster all get cost 1 unless the reference bandwidth is raised, and it must then be raised identically on every router)
- Administrative distance is 110
- It is a classless routing protocol
- It supports VLSM and CIDR
- It supports only equal-cost load balancing
- Introduces the concept of areas to ease management and control traffic
- Provides hierarchical network design with multiple different areas
- Must have one area called area 0, the backbone
- All the areas must connect to area 0
- Scales better than distance-vector routing protocols
- Supports authentication (null, plaintext or MD5; a plaintext key is visible to anyone who captures a hello on the segment, so use MD5)
- Updates are sent through multicast address 224.0.0.5 (and 224.0.0.6 for the DR/BDR)
- Faster convergence
- Sends Hello packets every 10 seconds (on broadcast and point-to-point networks)
- Triggered/incremental updates: routers send only changes in updates, not the entire routing table in periodic updates
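The cost formula and the SPF run over a small link-state database, as an added example that is not from the notes. Cost is computed the way IOS does it (reference bandwidth divided by interface bandwidth, truncated, never below 1), which is why Fast Ethernet, Gigabit and 10 Gigabit interfaces are indistinguishable at the default reference bandwidth. Dijkstra keeps every first hop that reaches a destination at the same total cost, which is the equal-cost-only load balancing listed above. The topology, router names and bandwidths are constructed for illustration.

```python
"""
Added example (not from the original notes): OSPF cost and SPF (Dijkstra).
"""
import heapq

REF_BW = 10**8  # default OSPF reference bandwidth, bits per second


def ospf_cost(bandwidth_bps, ref_bw=REF_BW):
    """Interface cost as IOS computes it: integer division, minimum 1."""
    return max(1, ref_bw // bandwidth_bps)


# Link-state database: router -> {neighbor: outgoing interface bandwidth (bps)}.
# Bandwidth belongs to the sending interface, so cost is per direction.
LSDB = {
    "R1": {"R2": 100_000_000, "R3": 100_000_000},
    "R2": {"R1": 100_000_000, "R4": 100_000_000},
    "R3": {"R1": 100_000_000, "R4": 100_000_000},
    "R4": {"R2": 100_000_000, "R3": 100_000_000, "R5": 1_544_000},  # T1 to R5
    "R5": {"R4": 1_544_000},
}


def spf(lsdb, root, ref_bw=REF_BW):
    """Dijkstra from root. Returns {router: (total cost, set of first hops)};
    more than one first hop means equal-cost paths exist."""
    dist = {root: 0}
    first_hop = {root: set()}
    heap = [(0, root)]
    while heap:
        cost_u, u = heapq.heappop(heap)
        if cost_u > dist[u]:
            continue  # stale heap entry, a shorter path was already found
        for v, bandwidth in lsdb[u].items():
            cost_v = cost_u + ospf_cost(bandwidth, ref_bw)
            hops = {v} if u == root else first_hop[u]
            if cost_v < dist.get(v, float("inf")):
                dist[v] = cost_v
                first_hop[v] = set(hops)
                heapq.heappush(heap, (cost_v, v))
            elif cost_v == dist[v]:
                first_hop[v] |= hops  # equal-cost path: keep both next hops
    return {router: (dist[router], first_hop[router]) for router in dist}


if __name__ == "__main__":
    for router, (cost, hops) in sorted(spf(LSDB, "R1").items()):
        print(f"{router}: cost {cost:>3} via {sorted(hops) or '-'}")
    # With a 10 Gbps reference bandwidth every cost scales up; the ordering of
    # paths here does not change, but it would if a 1 Gbps link were present.
    print(spf(LSDB, "R1", ref_bw=10**10)["R5"])
```

From R1, R4 is reachable at cost 2 through either R2 or R3, so both are kept as next hops; R5 sits behind the T1 at cost 2 + 64 = 66. Routers that compute different costs for the same link (mismatched reference bandwidth) produce inconsistent SPF trees and routing loops, so the reference bandwidth is a per-area consistency requirement rather than a local tuning knob.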

ROUTER ID

The highest IP address among the router's active physical interfaces is the router ID. If a logical (loopback) interface is configured, the highest IP address of the loopback interfaces is the router ID instead, and an explicit router-id command under router ospf overrides both.

ROUTER TYPES

In OSPF, depending on the network design and configuration, we have different types of routers:
- Internal routers: routers whose interfaces all belong to the same area. These routers have a single link-state database.
- Area Border Routers (ABR): connect one or more areas to the backbone area and have at least one interface that belongs to the backbone.
- Backbone routers: area 0 routers.
- Autonomous System Boundary Routers (ASBR): routers participating in OSPF and other protocols (like RIP, EIGRP and BGP).

OSPF maintains three tables:
- Neighbor table: contains information about the directly connected OSPF neighbors forming adjacencies.
- Database table (link-state database): contains the entire view of the topology with respect to each router.
- Routing information table: contains the best path calculated by the shortest path first algorithm from the database table.

Advantages of OSPF
- Open standard
- No hop count limitations
- Loop free
- Faster convergence

Disadvantages of OSPF
- Consumes more CPU resources
- Supports only equal-cost load balancing
- Supports only IP; does not work with IPX and AppleTalk
- Summarization only on ASBRs and ABRs

Configuring OSPF

Router(config)# router ospf <PID>
Router(config-router)# network <Network ID> <wildcard mask> area <area id>

Implementing Path Control Using Offset Lists

This section introduces offset lists and how to configure and verify path control using offset lists.

Using Offset Lists to Control Path Selection

An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned via EIGRP or Routing Information Protocol (RIP). (Offset lists are only used for distance vector routing protocols.) Optionally, an offset list can be limited by specifying either an access list or an interface.

Configuring Path Control Using Offset Lists

To add an offset to incoming and outgoing metrics to routes learned via EIGRP or RIP, use the offset-list {access-list-number | access-list-name} {in | out} offset [interface-type interface-number] router configuration command, as explained in the table.

Table: offset-list command parameters

Parameter                              Description
access-list-number | access-list-name  Standard access list number or name to be applied. Access list number 0 indicates all access lists (every network). If the offset value is 0, no action is taken.
in                                     Applies the access list to incoming metrics.
out                                    Applies the access list to outgoing metrics.
offset                                 Positive offset to be applied to metrics for networks matching the access list. If the offset is 0, no action is taken.
interface-type interface-number        (Optional) Interface type and number to which the offset list is applied.

The offset value is added to the routing metric. An offset list that specifies an interface type and interface number is considered to be an extended list and takes precedence over an offset list that is not extended. Therefore, if an entry passes both the extended offset list and a normal offset list, the offset of the extended offset list is added to the metric.

The figure illustrates an example network in which an organization is using RIP and is connected to the Internet service provider (ISP) via edge Routers R4 and R5. A subset of routes is received from each of the edge routers. The metric between Routers R2 and R5 is smaller than the metric between Routers R2 and R4, because it is only one hop. However, this is a very slow link. An offset list can be used on Router R2 so that it prefers the path toward the edge Router R4 for a specific set of destinations.

[Figure: An offset list can be used to prefer a faster path.]

A partial configuration of Router R2 is shown in Example 5-1. In this example, the offset-list 21 in 2 serial 0/0 command adds an offset of 2 to the metric of routes learned from interface serial 0/0 (connected to Router R5) that are permitted by access list 21. Access list 21 permits a specific set of routes (any in the 172.16.0.0/16 network) being learned from Router R5. This command is entered in RIP configuration mode on Router R2. This configuration results in the path toward Router R4 being considered better for the set of selected routes; R4 becomes the preferred way out toward the ISP for these routes.

Example 5-1. Offset list configuration for Router R2 in the figure

router rip
 offset-list 21 in 2 serial 0/0
!
access-list 21 permit 172.16.0.0 0.0.255.255
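The offset-list decision applied to RIP updates arriving at R2, as an added example in Python rather than anything from the Cisco text, with the rules from the parameter table made explicit: a standard ACL selects the networks an offset applies to, list 0 means every network, an offset of 0 is a no-op, a list bound to an interface (extended) takes precedence over one that is not, and the result saturates at 16, which RIP treats as unreachable. R2's offset list and access list 21 are the ones in Example 5-1; the updates from R4 and R5, their metrics and the interface names are constructed.

```python
"""
Added example (not from the original text): RIP offset-list evaluation.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

RIP_INFINITY = 16


@dataclass(frozen=True)
class OffsetList:
    acl: int                         # 0 = all networks
    direction: str                   # "in" or "out"
    offset: int
    interface: Optional[str] = None  # set -> extended (interface-specific) list


def acl_permits(acl_entries, acl_number, network):
    """Standard ACL match against a route's network address.
    acl_entries: [(number, "permit"|"deny", address, wildcard)]; implicit deny."""
    if acl_number == 0:
        return True
    net = int(ipaddress.ip_address(network))
    for number, action, addr, wildcard in acl_entries:
        if number != acl_number:
            continue
        mask = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if net & mask == int(ipaddress.ip_address(addr)) & mask:
            return action == "permit"
    return False


def apply_offset(offset_lists, acl_entries, interface, network, metric, direction="in"):
    """Metric after the single applicable offset list, if any."""
    applicable = [o for o in offset_lists
                  if o.direction == direction
                  and (o.interface is None or o.interface == interface)
                  and acl_permits(acl_entries, o.acl, network)]
    extended = [o for o in applicable if o.interface is not None]
    chosen = extended[0] if extended else (applicable[0] if applicable else None)
    if chosen is None or chosen.offset == 0:
        return metric
    return min(metric + chosen.offset, RIP_INFINITY)


# R2's configuration from Example 5-1.
OFFSET_LISTS = [OffsetList(acl=21, direction="in", offset=2, interface="Serial0/0")]
ACL = [(21, "permit", "172.16.0.0", "0.0.255.255")]

# Constructed inbound updates: R5 (one hop, slow link) on Serial0/0,
# R4 (two hops, fast link) on Serial0/1.
UPDATES = [
    ("Serial0/0", "172.16.10.0", 1),   # via R5, permitted by ACL 21
    ("Serial0/1", "172.16.10.0", 2),   # via R4
    ("Serial0/0", "10.20.0.0", 1),     # via R5, not in ACL 21: untouched
]


def best_paths(updates=UPDATES, offset_lists=OFFSET_LISTS, acl=ACL):
    """Per network, the (interface, metric) RIP would install after offsets."""
    best = {}
    for interface, network, metric in updates:
        adjusted = apply_offset(offset_lists, acl, interface, network, metric)
        if network not in best or adjusted < best[network][1]:
            best[network] = (interface, adjusted)
    return best


if __name__ == "__main__":
    for network, (interface, metric) in best_paths().items():
        print(f"{network:<14} via {interface} metric {metric}")
```

With the offset list, 172.16.10.0 is installed via Serial0/1 (R4) at metric 2 instead of via R5 at metric 1, while 10.20.0.0 is unaffected. Two checks worth keeping in mind: an offset large enough to reach 16 silently withdraws a route rather than just de-preferring it, and when an interface-bound list and a plain list both match, only the interface-bound offset is applied, not the sum.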

Verifying Path Control Using Offset Lists

You can use the traceroute EXEC command to verify that an offset list is affecting the path that traffic takes. The routing table, viewed with the show ip route command, identifies the metrics for learned routes. You should compare these metrics to what was expected from the offset list configuration. For EIGRP, the EIGRP topology table can be examined using the show ip eigrp topology command. The topology table contains all routes learned from the router's EIGRP neighbors, and includes the metric information for those routes, including the best route and any other feasible routes that the router has learned about.

Syntax

Router(config-router)# offset-list <list> <in | out> <offset> [<interface>]

Option                        Meaning
<list> = 0                    All networks
<list> = 1-99, 1300-1999      Standard access list
<list> = name                 Named access list
<in>                          Affects inbound updates
<out>                         Affects outbound updates
<offset> = 1-16               Amount added to the metric (a RIP metric of 16 is unreachable, so an offset that pushes a route to 16 effectively withdraws it)
<interface>                   Only affects updates coming through this interface

Example

Here is the RIP route table for R2 before configuring the offset list.

R2(config-router)# do show ip route rip
     1.0.0.0/32 is subnetted, 3 subnets
R       1.1.1.1 [120/1] via 10.1.1.1, 00:00:19, FastEthernet0/0
R       1.3.3.3 [120/1] via 10.1.1.1, 00:00:19, FastEthernet0/0
R       1.2.2.2 [120/1] via 10.1.1.1, 00:00:19, FastEthernet0/0
R    3.0.0.0/8 [120/1] via 10.2.2.3, 00:00:25, FastEthernet1/0

Here is the route table for R2 after adding an offset of 5 to everything learned through fa0/0 (list 0 means all networks).

R2(config-router)# offset-list 0 in 5 fa0/0
R2(config-router)# do show ip route rip
     1.0.0.0/32 is subnetted, 3 subnets
R       1.1.1.1 [120/6] via 10.1.1.1, 00:00:09, FastEthernet0/0
R       1.3.3.3 [120/6] via 10.1.1.1, 00:00:09, FastEthernet0/0
R       1.2.2.2 [120/6] via 10.1.1.1, 00:00:09, FastEthernet0/0
R    3.0.0.0/8 [120/1] via 10.2.2.3, 00:00:12, FastEthernet1/0

Finally, here is the route table for R2 after setting an offset of 7 for 1.3.3.3 only. Note that 1.1.1.1 and 1.2.2.2 are back at metric 1, so the interface-wide offset list from the previous step has been removed; had it stayed, the interface-specific list would have taken precedence and 1.3.3.3 would show 6, not 8.

R2(config)# access-list 25 permit 1.3.3.3
R2(config)# router rip
R2(config-router)# offset-list 25 in 7
R2(config-router)# do show ip route rip
     1.0.0.0/32 is subnetted, 3 subnets
R       1.1.1.1 [120/1] via 10.1.1.1, 00:00:09, FastEthernet0/0
R       1.3.3.3 [120/8] via 10.1.1.1, 00:00:09, FastEthernet0/0
R       1.2.2.2 [120/1] via 10.1.1.1, 00:00:09, FastEthernet0/0
R    3.0.0.0/8 [120/1] via 10.2.2.3, 00:00:12, FastEthernet1/0

Route Filtering with an EIGRP Distribute List

The Lab Configuration

It doesn't get much simpler than this: just a few routers in a row. For this exercise, we're only concerned about R1 and R2. Here's the route table before filtering.

R1#show ip route
C    1.0.0.0/8 is directly connected, Loopback1
D    2.0.0.0/8 [90/156160] via 172.16.12.2, 00:22:51, FastEthernet0/0
D    3.0.0.0/8 [90/158720] via 172.16.12.2, 00:52:04, FastEthernet0/0
D    4.0.0.0/8 [90/161280] via 172.16.12.2, 00:52:04, FastEthernet0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    10.0.0.0/8 [90/33280] via 172.16.12.2, 00:52:04, FastEthernet0/0
D    192.168.23.0/24 [90/30720] via 172.16.12.2, 00:52:04, FastEthernet0/0

EIGRP Distribute List with a Standard ACL
We're going to get rid of Loopback 2 (the 2.0.0.0/8 network). Here's how:

router eigrp 100
 distribute-list FILTER2 in
ip access-list standard FILTER2
 deny 2.0.0.0
 permit any

R1#show ip route
C    1.0.0.0/8 is directly connected, Loopback1
D    3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0

EIGRP Distribute List with an Extended ACL
This one isn't too intuitive. The extended ACL cites the route source first, and then the route to be filtered. Rather than use a mask for each, the keyword "host" makes it a bit simpler.

router eigrp 100
 distribute-list FILTER2 in
ip access-list extended FILTER2
 deny ip host 172.16.12.2 host 2.0.0.0
 permit ip any any

R1#show ip route
C    1.0.0.0/8 is directly connected, Loopback1
D    3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0

EIGRP Distribute List with a Prefix List
Here's a prefix list. We start with the deny, and that last bit of syntax is how to pass all other routes.

router eigrp 100
 distribute-list prefix FILTER2 in
ip prefix-list FILTER2 seq 10 deny 2.0.0.0/8
ip prefix-list FILTER2 seq 20 permit 0.0.0.0/0 le 32

R1#show ip route
C    1.0.0.0/8 is directly connected, Loopback1
D    3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0

EIGRP Distribute List with a Route Map and Prefix List
Here's a route map with a permit prefix list. Remember there's an implicit deny at the end of the prefix list. There's also one at the end of the route map, which is why I added a permit with no match clause, which should pass the other routes.

router eigrp 100
 distribute-list route-map FILTER2 in
ip prefix-list FILTER2 seq 10 permit 2.0.0.0/8
route-map FILTER2 deny 10
 match ip address prefix-list FILTER2
route-map FILTER2 permit 20

R1#show ip route
C    1.0.0.0/8 is directly connected, Loopback1
D    3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C    172.16.0.0/16 is directly connected, FastEthernet0/0
D    10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D    192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0
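As an added example (not part of the original page), the following Python reproduces the IOS prefix-list and route-map matching rules used in the two sections above and runs them over R1's route table; the function names and the tuple layout are my own, and it also shows what happens when the trailing permit is forgotten.

```python
import ipaddress

# R1's EIGRP-learned and connected prefixes before filtering (from the page).
ROUTES = ["1.0.0.0/8", "2.0.0.0/8", "3.0.0.0/8", "4.0.0.0/8",
          "10.0.0.0/8", "192.168.23.0/24"]


def prefix_list_match(entries, route):
    """Evaluate an IOS prefix list. entries: (seq, action, prefix, ge, le).
    First matching entry in sequence order wins; an entry matches when the
    route lies inside its prefix and the route's length is in range: exact
    length with no ge/le, ge..32 with ge only, prefixlen..le with le only.
    A route that matches nothing hits the implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        p = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else p.prefixlen
        if le is not None:
            hi = le
        elif ge is not None:
            hi = r.max_prefixlen
        else:
            hi = p.prefixlen
        if r.subnet_of(p) and lo <= r.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny at the end of every prefix list


def route_map_permits(clauses, prefix_lists, route):
    """Evaluate an IOS route map. clauses: (seq, action, prefix_list_name);
    a clause whose name is None has no match statement and matches every
    route. No clause matching means the implicit deny at the end applies."""
    for _seq, action, name in sorted(clauses, key=lambda c: c[0]):
        if name is None or prefix_list_match(prefix_lists[name], route):
            return action == "permit"
    return False


def apply_distribute_list(routes, permits):
    """Inbound distribute list: keep only the routes the policy permits."""
    return [route for route in routes if permits(route)]


# ip prefix-list FILTER2 seq 10 deny 2.0.0.0/8
# ip prefix-list FILTER2 seq 20 permit 0.0.0.0/0 le 32
PL_FILTER2 = [(10, "deny", "2.0.0.0/8", None, None),
              (20, "permit", "0.0.0.0/0", None, 32)]

# Route-map variant from the page:
# ip prefix-list FILTER2 seq 10 permit 2.0.0.0/8
# route-map FILTER2 deny 10 / match ip address prefix-list FILTER2
# route-map FILTER2 permit 20
PL_FILTER2_RM = [(10, "permit", "2.0.0.0/8", None, None)]
RM_FILTER2 = [(10, "deny", "FILTER2"), (20, "permit", None)]


def filter_with_prefix_list():
    return apply_distribute_list(ROUTES, lambda r: prefix_list_match(PL_FILTER2, r))


def filter_with_route_map():
    lists = {"FILTER2": PL_FILTER2_RM}
    return apply_distribute_list(
        ROUTES, lambda r: route_map_permits(RM_FILTER2, lists, r))


def filter_without_catch_all():
    """Failure mode: the deny entry on its own drops every route, because
    nothing is left to match before the implicit deny."""
    return apply_distribute_list(
        ROUTES, lambda r: prefix_list_match(PL_FILTER2[:1], r))
```

Note that seq 10 without ge/le only matches 2.0.0.0/8 exactly; a more specific 2.0.0.0/9 would slip through to the permit.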

Company Hierarchical Network Design

Overview
Cisco introduced the hierarchical design model, which uses a layered approach to network design, in 1999. The building block components are the access layer, the distribution layer, and the core (backbone) layer. The principal advantages of this model are its hierarchical structure and its modularity.

Hierarchical Company Network Design
In a hierarchical design, the capacity, features, and functionality of a specific device are optimized for its position in the network and the role that it plays. This promotes scalability and stability. The number of flows and their associated bandwidth requirements increase as they traverse points of aggregation and move up the hierarchy from access to distribution to core. Functions are distributed at each layer. A hierarchical design avoids the need for a fully meshed network in which all network nodes are interconnected.

The building blocks of modular networks are easy to replicate, redesign, and expand. There should be no need to redesign the whole network each time a module is added or removed. Distinct building blocks can be put in service and taken out of service without impacting the rest of the network. This capability facilitates troubleshooting, problem isolation, and network management.

Core Layer
In a typical hierarchical model, the individual building blocks are interconnected using a core layer. The core serves as the backbone for the network, as shown. The core needs to be fast and extremely resilient because every building block depends on it for connectivity. Current hardware-accelerated systems have the potential to deliver complex services at wire speed. However, in the core of the network a "less is more" approach should be taken. Minimal configuration in the core reduces configuration complexity, limiting the possibility for operational error.

Although it is possible to achieve redundancy with a fully meshed or highly meshed topology, that type of design does not provide consistent convergence if a link or node fails. Also, peering and adjacency issues exist with a fully meshed design, making routing complex to configure and difficult to scale. In addition, the high port count adds unnecessary cost and increases complexity as the network grows or changes. The following are some of the other key design issues to keep in mind:

- Design the core layer as a high-speed, Layer 3 (L3) switching environment utilizing only hardware-accelerated services. Layer 3 core designs are superior to Layer 2 and other alternatives because they provide:
  - Faster convergence around a link or node failure.
  - Increased scalability because neighbor relationships and meshing are reduced.
  - More efficient bandwidth utilization.
- Use redundant point-to-point L3 interconnections in the core (triangles, not squares) wherever possible, because this design yields the fastest and most deterministic convergence results.
- Avoid L2 loops and the complexity of L2 redundancy, such as Spanning Tree Protocol (STP) and indirect failure detection for L3 building block peers.

Distribution Layer
The distribution layer aggregates nodes from the access layer, protecting the core from high-density peering. Additionally, the distribution layer creates a fault boundary, providing a logical isolation point in the event of a failure originating in the access layer. Typically deployed as a pair of L3 switches, the distribution layer uses L3 switching for its connectivity to the core of the network and L2 services for its connectivity to the access layer. Load balancing, Quality of Service (QoS), and ease of provisioning are key considerations for the distribution layer.

High availability in the distribution layer is provided through dual equal-cost paths from the distribution layer to the core and from the access layer to the distribution layer. This results in fast, deterministic convergence in the event of a link or node failure. When redundant paths are present, failover depends primarily on hardware link failure detection instead of timer-based software failure detection. Convergence based on these functions, which are implemented in hardware, is the most deterministic.

Access Layer
The access layer is the first point of entry into the network for edge devices, end stations, and IP phones. The switches in the access layer are connected to two separate distribution layer switches for redundancy. If the connection between the distribution layer switches is an L3 connection, then there are no loops and all uplinks actively forward traffic.

A robust access layer provides the following key features:
- High availability (HA), supported by many hardware and software attributes.
- Inline power (PoE) for IP telephony and wireless access points, allowing customers to converge voice onto their data network and providing roaming WLAN access for users.
- Foundation services.

The hardware and software attributes of the access layer that support high availability include the following:
- System-level redundancy using redundant supervisor engines and redundant power supplies. This provides high availability for critical user groups.
- Default gateway redundancy using dual connections to redundant systems (distribution layer switches) that use GLBP, HSRP, or VRRP. This provides fast failover from one switch to the backup switch at the distribution layer.
- Operating system high-availability features, such as link aggregation (EtherChannel or 802.3ad), which provide higher effective bandwidth while reducing complexity.
- Prioritization of mission-critical network traffic using QoS. This provides traffic classification and queuing as close to the ingress of the network as possible.
- Security services for additional protection against unauthorized access to the network through the use of tools such as 802.1X, port security, DHCP snooping, Dynamic ARP Inspection, and IP Source Guard.

- Efficient network and bandwidth management using software features such as Internet Group Management Protocol (IGMP) snooping. IGMP snooping helps control multicast packet flooding for multicast applications.

Work Tasks I Have Been Executing
During my internship period the work consisted of basic switch configuration, VLAN, VTP and trunking configuration, and Microsoft Windows Server 2008 DNS, DHCP, FTP and Active Directory.

VLAN Configuration
The hierarchical topology segments the network into physical building blocks, simplifying operation and increasing availability. Each layer within the hierarchical infrastructure has a specific role. By default, switches break up collision domains and routers break up broadcast domains. The supervisor said that by creating virtual local area networks (VLANs) in the distribution layer, switches break up broadcast domains in a pure switched internetwork. A VLAN is a logical grouping of network users and resources connected to administratively defined ports on a switch. He said that when you create VLANs, you're given the ability to create smaller broadcast domains within a Layer 2 switched internetwork by assigning different ports on the switch to service different subnetworks. A VLAN is treated like its own subnet or broadcast domain, meaning that frames broadcast onto the network are only switched between the ports logically grouped within the same VLAN.

VLAN configuration consists of two basic steps:
1. Creating the VLAN, and
2. Assigning the proper port to that VLAN.

In actuality, I was very much concerned with the work during the configuring of VLANs. VLANs can be created on a VTP server switch or they can be created on each individual switch, but in the third campus area network all VLANs were created on the VTP server switches, which makes it more manageable and scalable. I have chosen the distribution layer switches to operate in VTP server mode and I have made all the access switches operate as VTP clients; hence all the VLANs configured on the distribution switch will be propagated to all the respective access switches.

Note: By default, all VLANs are allowed on all trunks. You can explicitly control which VLANs are allowed on a trunk by using the switchport trunk allowed vlan vlan-id command on the interface at each end of the trunk. In addition, you can specify a native VLAN other than the default VLAN 1, using the switchport trunk native vlan vlan-id command. These two measures can help reduce the possibility of VLAN attacks. The Fast Ethernet ports connected to the hosts on the network can be set up as static access because they are not to be used as trunk ports. Use the switchport mode access command to set the access mode.
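As an added example (not from the original report), this Python script audits an IOS-style switch configuration for the three measures in the note above: an explicit allowed-VLAN list on trunks, a native VLAN other than 1, and host ports pinned to access mode rather than left at the 2960/3560 default of dynamic auto. The sample configuration and its interface names are constructed for the demonstration.

```python
import re

# Constructed sample running-config (not a real device): one hardened trunk,
# one trunk at defaults, one host port left at dynamic auto, one access port.
SAMPLE_CONFIG = """\
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 description host port, left at default
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
"""


def parse_interfaces(config):
    """Return {interface name: [indented config lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces


def last_word(lines, prefix):
    """Value of the first line starting with prefix, or None if absent."""
    return next((ln.split()[-1] for ln in lines if ln.startswith(prefix)), None)


def audit_interface(name, lines):
    """Findings for one interface, following the three measures in the note."""
    findings = []
    mode = last_word(lines, "switchport mode ")
    if mode == "trunk":
        if not any(ln.startswith("switchport trunk allowed vlan") for ln in lines):
            findings.append(f"{name}: trunk allows all VLANs (no allowed-vlan list)")
        native = last_word(lines, "switchport trunk native vlan") or "1"
        if native == "1":
            findings.append(f"{name}: trunk uses default native VLAN 1")
    elif mode is None:
        # Catalyst 2960/3560 ports default to dynamic auto, so a host port
        # with no explicit mode will still form a trunk with a neighbour
        # that is set to trunk or dynamic desirable.
        findings.append(f"{name}: no switchport mode set (defaults to dynamic auto)")
    return findings


def audit_config(config):
    """Run the audit over every interface; returns a flat list of findings."""
    return [f for name, lines in parse_interfaces(config).items()
            for f in audit_interface(name, lines)]
```

Running audit_config over a saved show running-config gives a quick list of trunks and host ports that still sit at the defaults the note warns about.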

VTP
VTP stands for VLAN Trunking Protocol. VTP is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion, and renaming of Virtual Local Area Networks (VLANs) on a network-wide basis. Cisco's VLAN Trunk Protocol reduces administration load in a switched network. When a new VLAN is created on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere.

VTP provides the following benefits:
- VLAN configuration consistency across the network
- A mapping scheme that allows a VLAN to be trunked over mixed media
- Accurate tracking and monitoring of VLANs
- Dynamic reporting of added VLANs across the network
- Plug-and-play configuration when adding new VLANs

A VTP domain, also called a VLAN management domain, consists of trunked switches that are under the administrative responsibility of a switch or switches in VTP server mode. A switch can be in only one VTP domain with the same VTP domain name. The default VTP mode for the 2960 and 3560 switches is server mode. VLAN information is not propagated until a domain name is specified and trunks are set up between the devices.

Types of VTP Mode
1. VTP Server
In this mode you can create, modify, and delete VLANs and specify other configuration parameters, such as VTP version and VTP pruning, for the entire VTP domain. VTP servers advertise their VLAN configuration to other switches in the same VTP domain and synchronize their VLAN configuration with other switches based on advertisements received over trunk links. VTP server is the default mode.

2. VTP Client
VTP clients behave the same way as VTP servers, but you cannot create, change, or delete VLANs on a VTP client.

3. VTP Transparent
VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration nor synchronize its VLAN configuration based on received advertisements. Transparent switches do forward VTP advertisements that they receive out their trunk ports in VTP version 2.

Trunk
Trunking is a process of connecting switches together so that they can send VLAN information between each other. A trunk port is a point-to-point connection between switches, a switch and a router, or even a switch and a server, and it carries the traffic of multiple VLANs.

Configuration of a trunk involves identifying trunk ports and selecting the encapsulation type. Identifying the trunk ports is a useful task in that it eases VLAN configuration and administration. He reminded me that all the uplink ports connecting access switches to distribution switches, distribution switches to core switches, edge switches to core switches and DMZ switches to core switches are set to be trunk ports. Ports on the 2960 and 3560 switches are set to dynamic auto by default. This means that they are willing to negotiate a trunk with the neighbor; however, if both sides are set to dynamic auto, the link will remain in access mode. This can be resolved by configuring one end of the trunk using the switchport mode trunk command. On the 3560 switches, I also need to configure the trunk encapsulation with the switchport trunk encapsulation command. The 3560 switch can use either Inter-Switch Link (ISL) or 802.1Q encapsulation, whereas the 2960 switch only supports 802.1Q.

DHCP
I spent some more time working on Dynamic Host Configuration Protocol. DHCP is defined in RFC 2131 and is built around a client/server model: hosts requesting IP addresses use a DHCP client, whereas address assignment is handled by a DHCP server. Hosts can be manually configured to use a static IP address, subnet mask, default gateway address, and so on. That might be appropriate for some devices, such as servers, which would need stable and reserved addresses. For the majority of end user devices, static address assignment can become a huge administrative chore. Because DHCP is a dynamic mechanism, IP addresses are offered on a leased basis. Before the offered lease time expires, the client must try to renew its address; otherwise, that address may be offered to a different client.

DHCP Design Considerations
The DHCP servers in BDU are the distribution switches. The distribution switches are configured as DHCP servers because DHCP is designed to work within a broadcast domain. They offer the client devices in the BDU network an IP address, subnet mask, and default gateway address from the respective pools. DHCP excluded addresses are the addresses within the IP subnet that should be reserved and not offered to clients.

A DHCP pool uses a text string pool-name to define the pool or scope of addresses that will be offered. The network command identifies the IP subnet and subnet mask of the address range. The subnet should be identical to the one configured on the Layer 3 interface.
The DHCP lease time ..
The DNS name of the company is
The IP address for the DNS server is

Network Address Translation
Furthermore, another lesson I have learned during my internship period at the company is that the Internet is expanding at an exponential rate. As the amount of information and resources increases, it is becoming a requirement for even the smallest businesses and homes to connect to the Internet. Network Address Translation (NAT) is a method of connecting multiple computers to the Internet (or any other IP network) using one IP address. This allows home users and small businesses to connect their network to the Internet cheaply and efficiently. The impetus towards increasing use of NAT comes from a number of factors:
- A world shortage of IP addresses
- Security needs
- Ease and flexibility of network administration

The rest of the internship period was spent working on Microsoft Server 2008 configuration like DNS, DHCP, IIS, Active Directory and FTP server with my supervisor. In fact, it was a very important experience to me because it expanded my practical knowledge and helped me to develop new practical skills and abilities.

Microsoft Windows Server 2008
Active Directory Domain Services
Active Directory Domain Services are used primarily to manage users and resources across enterprise infrastructures spanning physical subnets across the globe. An Active Directory domain provides a distributed database to store and manage application data, user data and computer data. The Active Directory structure comprises a single forest, with multiple domains and child domains. An administrator can configure Active Directory domains based on the physical subnets; it is advisable to install a directory server on each physical site. Active Directory provides different security boundaries in the form of:
a) Forest
b) Domain
c) Organizational Units

AD plays two basic functions within a network: that of a directory service containing a hierarchical listing of all the objects within the network, and that of an authentication and security service that controls and provides access to network resources. These two roles are different in nature and focus, but they combine together to provide increased user capabilities while decreasing administrative overhead. The Active Directory itself is defined by a schema that indicates how each object is represented within the data store. For example, a user object has, among other things, a first name, last name, logon name, e-mail address, and password. If you're familiar with databases, you should already be familiar with the term schema, since a database schema refers to the structure of the database in the same way the Active Directory schema defines the Active Directory's structure.

Domain Name System (DNS)
Domain Name System (DNS) is a system for naming computers and network services that maps those names to network addresses and organizes them into a hierarchy of domains. DNS naming is used on TCP/IP networks, such as the Internet and most corporate networks, to locate computers and services by using user-friendly names. When a user enters the DNS name of a computer in an application, DNS can look up the name and provide other information that is associated with the computer, such as its IP address or services that it provides for the network. This process is called name resolution. Name systems, such as DNS, make it easier to use network resources by providing users with a way to refer to a computer or service by a name that is easy to remember. DNS looks up that name and provides the numeric address that operating systems and applications require to identify the computer on a network.

Procedures I Have Been Following While Performing My Tasks
The procedures I have been using during my internship period in the BDU main campus data center while performing my tasks are:
1. Analyze each piece of network hardware equipment in the company.
2. Identify the three-layer campus hierarchical network.
3. Analyze Cisco switch commands.
4. Configure the distribution layer switch.
5. Configure the access layer switch.
In the first month of my internship program, it was all about studying technical details regarding the application of each network hardware infrastructure in the data center, as well as identifying the three-layer campus hierarchical network model. The procedures carried out during the second month ranged from analyzing Cisco switch commands to the study of VLAN, VTP and trunks, and the configuration of the distribution and access layer switches.

IP Version 6
IPv4 vs. IPv6

Full IPv6 address: 2001:0db8:0000:130F:0000:0000:087C:140B

Abbreviations are possible. Example:
2001:0db8:0:130F::87C:140B

NOTE: The double colon can only appear once in the address.

Why IPv6?
An IPv4 address is 32 bits: 2^32 = 4,294,967,296 maximum addresses.
An IPv6 address is 128 bits: 2^128 = 340,282,366,920,938,463,463,374,607,431,770,000,000, about 3.4 x 10^38 addresses.

IPv6 Address Types
Type of Communication

UNICAST: ONE TO ONE
Address of a single interface. One-to-one delivery to a single interface.

MULTICAST: ONE TO MANY
Address of a set of interfaces. One-to-many delivery to all interfaces in the set.

ANYCAST: ONE TO CLOSEST
Address of a set of interfaces. One-to-one-of-many delivery to the single interface in the set that is closest.

There are no more broadcast addresses.

Enabling IPv6
IPv6 unicast routing is off by default; first we need to enable it with the ipv6 unicast-routing command. As soon as we configure the command, we will be enabling IPv6 ICMP Neighbor Discovery.

Appendix
Basic Cisco Catalyst Switch Configuration Commands

A. Distribution Switch Configuration
Switch>enable
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname DLS
DLS(config)#enable password cisco
DLS(config)#enable secret Cisco
DLS(config)#service password-encryption
DLS(config)#line console 0
DLS(config-line)#password cisco
DLS(config-line)#login
DLS(config-line)#exit
DLS(config)#line vty 0 4
DLS(config-line)#password cisco
DLS(config-line)#login
DLS(config-line)#exit
DLS(config)#banner motd # ACCOUNTS & MARKETING DEPARTMENTS DISTRIBUTION SWITCH ************************************************************#
DLS(config)#vlan 10
DLS(config-vlan)#name accounts
DLS(config-vlan)#vlan 20
DLS(config-vlan)#name marketing
DLS(config-vlan)#exit
DLS(config)#interface fastEthernet 0/23
DLS(config-if)#switchport trunk encapsulation dot1q
DLS(config-if)#switchport mode trunk
DLS(config-if)#exit
DLS(config)#vtp domain SWLAB
DLS(config)#vtp version 2
DLS(config)#vtp mode server
DLS(config)#interface vlan 1
DLS(config-if)#ip address 10.1.1.101 255.255.255.0
DLS(config-if)#exit
DLS(config)#ip dhcp pool Mother
DLS(dhcp-config)#network 10.133.0.0 255.255.255.0
DLS(dhcp-config)#default-router 10.133.1.254
DLS(dhcp-config)#ip dhcp pool vlan10
DLS(dhcp-config)#network 10.133.10.1 255.255.255.0
DLS(dhcp-config)#default-router 10.133.10.1
DLS(dhcp-config)#lease 5
DLS(dhcp-config)#ip dhcp pool vlan20
DLS(dhcp-config)#network 10.133.20.1 255.255.255.0
DLS(dhcp-config)#default-router 10.133.20.1
DLS(dhcp-config)#lease 5
